We All Carry Weapons In Our Pockets: The Case For A Digital Geneva Convention
In 2017, Microsoft President Brad Smith presented a project to bridge diplomacy and cyberwarfare: a Digital Geneva Convention. Cyber is considered the 5th battleground after land, sea, air and space. Broadly speaking, there are two types of cyberattacks: led by private actors or sovereign states. In both cases, computer programs and electronic devices are their weapons – including the ones in our pockets.
The proposal came a few months after President Donald Trump’s election in the US, whose victory has been stained by allegations of support from Russian intelligence and disinformation campaigns. Brad Smith explains that a ‘new arms race’ is taking place and that the Digital Geneva Convention would seek to protect civilians from sovereign-led cyberwarfare such as elections meddling.
One event is often considered the tipping-point in cyberwarfare. In 2010, the US led a cyberattack on Iranian nuclear facilities. Without firing a single shot, thanks to a computer worm called Stuxnet, they managed to neutralize around a thousand fuel enrichment centrifuges. According to New York Times correspondent David Sanger, this opened a pandora’s box for other states to ramp up their cyber capabilities.
The defence community considers that the new first step of warfare in the digital age consists of unplugging a country before actually sending ‘real’ troops. Consider how much harm was inflicted upon UK hospitals when they were attacked in 2015, allegedly by Russia. Of course, the British looked on the bright side of life and jokingly referred to the NHS as the ‘national hacked service,’ but this paints a scary picture of the potential damage to civilians a large-scale cyberattack could cause. The widespread adoption of cloud technologies and internet of things only adds to the urgency.
Imagine the ethical issues at play if a hostile state could remotely turn rogue electronic devices in thousands of people’s households, in the same fashion as the US made Iranian centrifuges spin much faster than they should. A black-mirror scenario of making thousands of people’s smartphones overheat and explode remotely does not seem so far-fetched. In that case our pockets would be filled with weapons… aimed against ourselves. This risk will only increase as, for instance, connected ovens, watches and self-driving cars become more popular.
What would Microsoft’s Digital Geneva Convention contain? To name a few proposals from its policy paper: refraining from attacking infrastructure that would affect the safety and security of civilians (e.g. hospitals, electric grids), from disrupting the global economy (e.g. financial institutions), to agree to a non-proliferation in cyberweapons, not to target data held by journalists or citizens involved in electoral processes.
There already were several initiatives emanating from the public sector, for instance the Tallinn manuals commanded by NATO and the Budapest Convention on cybercrime from 2001, but these did not get enough traction and became quickly outdated. They all essentially relied on the Charter of the United Nations which states that an act of aggression can only be considered to have taken place if armed forces are brought within the borders of another country. In the age of the internet, this definition is insufficient.
However, the proposal has several critics. At the time of writing, Amazon, Apple and Google have not signed the Tech Accord. This of course does not mean that they are against it, but signals some issues with the proposal. David Sanger summarized well the critics: ‘Cyberweapons are in the hands of states, terrorist groups, criminal groups, and teenagers. Most of those don’t sign treaties. (…) I find this the least bad idea in a series of bad ideas out there on how to go deal with cyber.’ Other critics accuse Microsoft, and by extension Silicon Valley, of double standards and conflicts of interest by trying to separate itself from government warfare.
It is well documented that the US military has, since the origins of Silicon Valley, been an important client and that the Pentagon had in the past commanded tech companies to include back-doors in their devices so it could spy on other countries – something it now fears China would be doing with Huawei. Furthermore, Dustin Lewis, senior researcher at the Harvard Law School Program on International Law and Armed Conflict explains that ‘A key question becomes whether the Microsoft proposal is likely to do more damage by questioning the applicability of international law or to have more beneficial effects by spurring interest in legal norms.’
It also forces conversations about the protection of civilians in that context, and the influence of the private sector in global affairs. Most importantly, it urges the international community to take action in a world in which, as Chinese President Xi Jinping put it: ‘without cybersecurity there is no national security.’